Log in to the online community

Want to post a reply? You'll need to log in
James Bond redux: profile update for the modern spy
Lisa Miles
1249 Posts
Anything that mentions James Bond and I'm there... 😊

Really interesting article in E&T about online social media spies and the tactics they use.

It's prompted me to just remind everyone in our community to report any suspicious behaviour from other community members and to be mindful of the amount of personal information you may be accidentally giving away.

Remember to visit and update your privacy settings regularly to ensure you're not giving away any personal information that you don't wish to and again, report any community member whose behaviour you're finding a little odd by visiting their profile and clicking on 'report'
4 Replies
OMS
694 Posts
Nothing new in this - some of our clients see several hundred thousand attempts each month to access information - some are just casual but some are really concerted attacks backed by state sponsored actors.

If you think of information like grains of rice, then you can either do a smash and grab on the warehouse which everyone notices, or steal it away a few grains at a time - which is where social media comes in - if you are observant enough, then you start to make connections between people, places and activities  - it's not likely that you would get the good stuff first off - but you will get the access you need eventually by targeting individual A to get a snippet and then lever that with Individual B to get more - who knows, you may even be there when someone leaves a bag on a train containing plans of a sensitive facility - resulting in millions of pounds of redesign work

It never ceases to amaze me just how much personal and commercial information that people put on social media platforms, without a second thought  - examples like the now infamous wife of the head of MI5 posting holiday plans are pretty normal - I even see hard of thinking employees of sensitive companies listing who they are, what they do, and where they work - making them prime targets for further scrutiny and contact.

It works at every level - in a previous life, I used to take one of the pretty girls from the office to a client site, give her a laptop bag and a hand bag and two cups of coffee - then hang a lookylikey badge around the neck and send her off  - you would be amazed at just how many people would open doors for her as she had her hands full and appeared to be fumbling for a legit pass.

Ditto for canteens lunchtime and local pubs early evening - it's amazing what gets discussed with no thought of being overheard

Ditto for trains - I overheard a couple of people on a train north of Warrington discussing a security upgrade project at Sellafield - aspects of which I knew to be at least restricted information. With a name written on the flyleaf of a notebook and an unremoved flight tag on another's laptop bag it took me about 10 minutes to get a photo, a name and a reasonably good profile of the individuals from social media.

Ditto for laptops - if you have the right seat, you get to see a lot of information without even looking for it. If you had a particular individual in mind, it's not difficult to get more and more information

Grains of rice 

OMS



 
Lisa Miles
1249 Posts
OMS:

....I overheard a couple of people on a train north of Warrington discussing a security upgrade project at Sellafield - aspects of which I knew to be at least restricted information. With a name written on the flyleaf of a notebook and an unremoved flight tag on another's laptop bag it took me about 10 minutes to get a photo, a name and a reasonably good profile of the individuals from social media.
 

I can't remember what the course was about (it was probably something to do with data protection or suchlike and it was years ago now) but I remember a tutor telling us about how he was able to steal a competitors client after overhearing a converstation on the train between two of their employees. They were discussing the issues they were having with the client so he swooped in (with this inside knowledge) and was able to convince the client that he was the one to fulfil their wishes. Something I always bear in mind when having sensitive conversations in public spaces and sometimes even in my own back garden... 
OMS
694 Posts
Lisa Miles:

Something I always bear in mind when having sensitive conversations in public spaces and sometimes even in my own back garden... 

Sure  - unless you fancy the interview without coffee and biscuits, then best advice is be like Dad - Keep Mum

Just to continue the theme, often the opposition don't want information in the first instance - they just need to prep an individual for an approach. Something along the lines of targeting a chap who was exceptionally proud of his gold swiss watch - family heirloom that had gone through the first day of the Somme and then been handed down - and he was foolish enough to say so on social media (Got a bit caught up in the 100th Anniversary stuff)

On an overseas gig, his watch disappeared from his hotel room - now you have a disgruntled chap off to get a few beers and moan. Two days later his watch was back in the hotel room, smashed - even more disgruntled chap, now a bit rattled as well, and off out to get a few more beers and moan to anyone willing to listen about his lot - just ripe for an approach by a good listener

Moral of that story - don't complain to strangers and don't post specific personal info on Twatter and Faceache

Regards

OMS

About 50 years ago during my MOD (Air) days, I wasn't even a Mariner then, let alone an Ancient Mariner; my Line Manager on ARC52 UHF one day looked a bit glum.

He had lost/mislaid his Access Tag which was an internally produced clip on tag ("they" had actually used a Crocodile Clip!) which consisted of a yellow card with a head and shoulders photo and row of letters to show whether you were entitled to be in that part of the site or not. The rest of the letters being blacked out.

One problem when they were first issued, was that there was no instruction as to whether or not you should take the tag off site after work. Similarly if not to be taken off site, then where was it to be left? If left clipped to your RAF issue White "Dust Coat" on your chair, night time firewatch/security patrol used to enjoy taking their finds to Management. This also begged the question regarding access without actually wearing it… Our "real" MOD(Air) id cards would normally be carried in your wallet, albeit an id card without a photograph!

Eddie's loss was no big deal, but I think he had lost one previously…

Whilst you were awaiting issue or reissue of a tag after a photograph had been taken, you were issued with Temporary tag with a large T in place of the photo. Similarly, if you were a Visitor, it had a large V.

Eddie was a keen caravaner and always had an old paperback copy of the AA Handbook on the bench in front of him.  I asked him if he had noticed that the AA Handbook cover was the same shade of yellow?  Followed by, "Do you want the cover?"  And "That AA logo would make an interesting Access Tag…" It did not take long to produce a bespoke AA Access Tag with the requisite letters and all neatly "laminated" with Sellotape. Eddie wore this tag daily for a few weeks without any questioning.

Then the day came when Eddie was summoned to a Senior Managers Office. The first thing Eddie noticed was his genuine Access Tag on the desk in front of him, with a Senior Manager now eyeing up Eddie's AA Tag. I cannot remember the full sequence of events, but I know that another tag been made, this time with a photo cut from a magazine article on Alan Wicker; at the time a well known investigative journalist and TV presenter. I am not sure whether this tag was worn as an experiment into whether anyone was actually taking notice of the tags, but I believe that eventually it was deliberately "lost" to confuse the nighttime firewatch/security patrol.
Clive


 

Share:

Log in

Want to post a reply? You'll need to log in